Based on current practice for user termination process, head of users/users who resigned have to submit request to IT Security team for termination.
Meantime, Human Resource officer provide list of current staff in share point which IT security can access.
With this process, there are risk opportunities that users do not submit the requests and IT security officers are not aware on list of current staff posted in share drive.
Moreover, based on our review on user profiles of resigned staff in AS/400, we found 14 user ids had not been terminated.
Dormant user review for half-year 2014 has not been performed.